Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-798
Total 965 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10723 1 Rangerstudio 1 Directus 2018-06-12 7.5 HIGH 9.8 CRITICAL
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
CVE-2018-9161 1 Prismaindustriale 1 Checkweigher Prismaweb 2018-05-11 7.5 HIGH 9.8 CRITICAL
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
CVE-2018-5768 1 Tendacn 2 Ac15, Ac15 Firmware 2018-04-18 10.0 HIGH 9.8 CRITICAL
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.
CVE-2018-1206 1 Emc 1 Data Protection Advisor 2018-04-13 7.2 HIGH 7.8 HIGH
Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account.
CVE-2017-8013 1 Emc 1 Data Protection Advisor 2018-04-13 7.5 HIGH 9.8 CRITICAL
EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges).
CVE-2016-0235 1 Ibm 1 Security Guardium Database Activity Monitor 2018-04-04 7.2 HIGH 8.2 HIGH
IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.
CVE-2018-1216 1 Dell 4 Emc Solutions Enabler Virtual Appliance, Emc Unisphere For Vmax Virtual Appliance, Emc Vasa Virtual Appliance and 1 more 2018-03-29 10.0 HIGH 9.8 CRITICAL
A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). They contain an undocumented default account (smc) with a hard-coded password that may be used with certain web servlets. A remote attacker with the knowledge of the hard-coded password and the message format may use vulnerable servlets to gain unauthorized access to the system. Note: This account cannot be used to log in via the web user interface.
CVE-2017-11634 1 - 1 Wireless Ip Camera 360 2018-03-22 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456.
CVE-2015-9254 1 Datto 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more 2018-03-19 7.5 HIGH 9.8 CRITICAL
Datto ALTO and SIRIS devices have a default VNC password.
CVE-2014-3205 1 Seagate 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more 2018-03-18 10.0 HIGH 9.8 CRITICAL
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
CVE-2018-1214 2 Dell, Microsoft 2 Emc Supportassist Enterprise, Windows 2018-03-12 4.4 MEDIUM 7.0 HIGH
Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1.
CVE-2012-2166 1 Ibm 8 Xiv Storage System 2810-114, Xiv Storage System 2810-114 Firmware, Xiv Storage System 2810-a14 and 5 more 2018-03-10 10.0 HIGH 9.8 CRITICAL
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IBM X-Force ID: 75041.
CVE-2018-6825 1 Omninova 2 Vobot, Vobot Firmware 2018-03-08 10.0 HIGH 9.8 CRITICAL
An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded vobot account that has root access.
CVE-2017-12724 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2018-03-02 6.8 MEDIUM 8.1 HIGH
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.
CVE-2017-12725 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2018-03-02 6.8 MEDIUM 5.6 MEDIUM
A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.
CVE-2017-12726 1 Smiths-medical 1 Medfusion 4000 Wireless Syringe Infusion Pump 2018-03-02 7.5 HIGH 7.3 HIGH
A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.
CVE-2018-6387 1 Iball 2 Ib-wra150n, Ib-wra150n Firmware 2018-02-15 10.0 HIGH 9.8 CRITICAL
iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account.
CVE-2017-1204 1 Ibm 1 Tealeaf Customer Experience 2018-02-07 7.5 HIGH 9.8 CRITICAL
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.
CVE-2018-5723 1 Barni 2 Master Ip Camera01, Master Ip Camera01 Firmware 2018-02-05 10.0 HIGH 9.8 CRITICAL
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
CVE-2017-14143 1 Kaltura 1 Kaltura Server 2018-01-26 7.5 HIGH 9.8 CRITICAL
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.